from the not-the-same-thing dept

A recent article in the NY Times talked about how the US State Department is behind a project to build up mesh networks that can be used in countries with authoritarian governments, helping citizens of those places access an internet that is often greatly limited. This isn't actually new. In fact, three years ago we wrote about another NY Times article about the State Department funding these kinds of projects. Nor is the specific project in the latest NYT article new. A few months back, we had covered an important milestone with Commotion, the mesh networking project coming out of New America Foundation's Open Technology Institute (OTI).

But the latest NYT article is especially odd, not because it repeats old news, but because it tries to build a narrative that Commotion and other such projects funded by the State Department are somehow awkward because they could be used to fight back against government surveillance, such as those of the NSA. The problem is that the issues are unrelated, and nothing in mesh networking deals with stopping surveillance. As Ed Felten notes, the Times reporters appear to be confusing things greatly:

There’s only one problem: mesh networks don’t do much to protect you from surveillance. They’re useful, but not for that purpose.

A mesh network is constructed from a bunch of nodes that connect to each other opportunistically and figure out how to forward packets of data among themselves. This is in constrast to the hub-and-spoke model common on most networks.

The big advantage of mesh networks is availability: set up nodes wherever you can, and they’ll find other nearby nodes and self-organize to route data. It’s not always the most efficient way to move data, but it is resilient and can provide working connectivity in difficult places and conditions. This alone makes mesh networks worth pursing.

But what mesh networks don’t do is protect your privacy. As soon as an adversary connects to your network, or your network links up to the Internet, you’re dealing with the same security and privacy problems you would have had with an ordinary connection.

The whole point of Commotion and other mesh networks is availability, not privacy. The target use is for places where governments are seeking to shut down internet access, not surveil on them. Yes, there is a case where if you could set up a mesh network that then routed around government surveillance points you could circumvent some level of surveillance, but the networks themselves are not designed to be surveillance proof. In fact, back in January when we wrote about Commotion, we pointed out directly that the folks behind the project themselves are pretty explicit that Commotion is not about hiding your identity or preventing monitoring of internet traffic.

Could a mesh network also be combined with stronger privacy and security protections? Yes, but that's different than just assuming that mesh networking takes on that problem by itself. It doesn't -- and it's misleading for the NYT to suggest otherwise.

from the exploring-all-the-avenues dept

One of the bitter lessons we learned from Snowden's leaks is that the Internet has been compromised by the NSA (with some help from GCHQ) at just about every level, from our personal software and hardware, through ISPs to major online services. That has prompted some in the Internet engineering community to begin thinking about how to put back as much of the lost security as possible. But even if that's feasible, it's clearly going to take many years to make major changes to something as big and complex as the Net.

However, there's an alternative approach to digital connectivity that has been around for a while, and that's already being used around the world. Wireless meshes allow ad-hoc networks to be set up independently of the Internet's main wiring by hooking together a local collection of suitable devices. Mesh networks can be thrown up and torn down quickly; devices can join and leave them dynamically; and they can recover from breaks in the wireless links by setting up alternative paths. They can either be run as local area networks, disconnected from the Internet, or hooked into it, allowing single or multiple links to be shared by the entire mesh.

The Open Technology Institute formulates policy and regulatory reforms to support open architectures and open source innovations and facilitates the development and implementation of open technologies and communications networks. OTI promotes affordable, universal, and ubiquitous communications networks through partnerships with communities, researchers, industry, and public interest groups and is committed to maximizing the potentials of innovative open technologies by studying their social and economic impacts – particularly for poor, rural, and other underserved constituencies. OTI provides in-depth, objective research, analysis, and findings for policy decision-makers and the general public.

Open Technology Institute (OTI) announced today that it has completed Beta testing and upgrades of its groundbreaking mesh networking toolkit, and is launching Commotion 1.0 in time for the new year. The launch represents the first full iteration of the technology, which makes it possible for communities to build and own their communications infrastructure using "mesh" networking. In mesh networks, users connect their devices to each other without having to route through traditional major infrastructure.

Commotion 1.0 is an open-source toolkit that provides users software and training materials to adapt mobile phones, computers, and other wireless devices to create decentralized mesh networks so they can connect and share local services. A mesh network can function locally as an Intranet, but when one user connects to the Internet, all users will have access to it as well.

Cannot hide your identity
Does not prevent monitoring of internet traffic
Does not provide strong security against monitoring over the mesh
Can be jammed with radio/data-interference

But it's important to remember that Commotion and the other wireless mesh systems were designed in a more innocent time, before we knew the extent to which we were being spied upon, and how much the basic protocols of the Internet had been compromised. Now that we've learnt about all those things, it would be good to use that knowledge to spur the creation of the next generation of wireless mesh systems with high levels of security and privacy, so that we can add them to our own collection of tools and tricks in the fight to build a surveillance-resistant Net.